Several cross-site scripting vulnerabilities have been discovered inphpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW.The Common Vulnerabilities and Exposures project identifies thefollowing problems:

CAN-2005-2869

Andreas Kerber and Michal Cihar discovered several cross-site scripting vulnerabilities in the error page and in the cookie login.

CVE-2005-3300

Stefan Esser discovered missing safety checks in grab_globals.php that could allow an attacker to induce phpmyadmin to include an arbitrary local file.